]
def check(self, cr, uid, ids, mode, context=None, values=None):
- """Check access wrt. res_model, relax the rule of ir.attachment parent
- With 'document' installed, everybody will have access to attachments of
- any resources they can *read*.
- """
- return super(document_file, self).check(cr, uid, ids, mode='read', context=context, values=values)
+ super(document_file, self).check(cr, uid, ids, mode, context=context, values=values)
+ if ids:
+ # use SQL to avoid recursive loop on read
+ cr.execute('SELECT id, parent_id from ir_attachment WHERE id in %s', (tuple(ids),))
+
+ parent_ids = []
+ for attach_id, attach_parent in cr.fetchall():
+ if attach_parent:
+ parent_ids.append(attach_parent)
+
+ self.pool.get('document.directory').check_access_rule(cr, uid, parent_ids, mode, context=context)
def search(self, cr, uid, args, offset=0, limit=None, order=None, context=None, count=False):
# Grab ids, bypassing 'count'
<field eval="0" name="perm_read"/>
<field eval="1" name="perm_create"/>
</record>
-
- <record id="ir_rule_readpublicdocuments0" model="ir.rule">
- <field name="model_id" ref="base.model_ir_attachment"/>
- <field name="domain_force">[
- '|',
- '|',
- '|',
- ('parent_id','=',False),
- ('parent_id.group_ids','in',[g.id for g in user.groups_id]),
- ('parent_id.user_id', '=', user.id),
- '&',
- ('parent_id.user_id', '=', False),
- ('parent_id.group_ids','=',False),
- '|',
- '|',
- ('company_id','=',False),
- ('company_id','child_of',[user.company_id.id]),
- ('company_id.child_ids','child_of',[user.company_id.id])]
- </field>
- <field name="name">Read public documents</field>
- <field eval="0" name="global"/>
- <field eval="[(6,0,[ref('base.group_user')])]" name="groups"/>
- <field eval="0" name="perm_unlink"/>
- <field eval="0" name="perm_write"/>
- <field eval="1" name="perm_read"/>
- <field eval="0" name="perm_create"/>
- </record>
-
- <record id="ir_rule_documentmodifyowndocuments0" model="ir.rule">
- <field name="model_id" ref="base.model_ir_attachment"/>
- <field name="domain_force">[
- '|',
- ('parent_id.user_id', '=', user.id),
- '&',
- ('parent_id.group_ids','in',[g.id for g in user.groups_id]),
- ('parent_id.user_id','=',False),
- '|',
- '|',
- ('company_id','=',False),
- ('company_id','child_of',[user.company_id.id]),
- ('company_id.child_ids','child_of',[user.company_id.id])]
- </field>
- <field name="name">Document modify own document</field>
- <field eval="0" name="global"/>
- <field eval="[(6,0,[ref('base.group_document_user')])]" name="groups"/>
- <field eval="1" name="perm_unlink"/>
- <field eval="1" name="perm_write"/>
- <field eval="0" name="perm_read"/>
- <field eval="1" name="perm_create"/>
- </record>
-
+
</data>
</openerp>